X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/blobdiff_plain/f052839bbe7c27d13051afcde167724edad6fdc9..994ac8d0782c89a636f47b02a2dc096c72ff58c5:/fender.m4

diff --git a/fender.m4 b/fender.m4
index 5f9597d..00375a2 100644
--- a/fender.m4
+++ b/fender.m4
@@ -39,7 +39,10 @@ iptables -A inbound -p udp -j ACCEPT \
 	-s 172.29.198.0/23
 ip6tables -A inbound -p udp -j ACCEPT \
 	--source-port 123 --destination-port 123 \
-	-s 2001:470:9740::/48
+	-s 2001:ba8:1d9::/48
+ip6tables -A inbound -p udp -j ACCEPT \
+	--source-port 123 --destination-port 123 \
+	-s 2001:8b0:c92::/48
 
 ## Guaranteed black hole.  Put this at the very front of the chain.
 run iptables -I INPUT -d 212.13.198.78 -j DROP
@@ -84,7 +87,7 @@ run ebtables -A check-bcp38 -j RETURN -p ip6 --ip6-source fe80::/10
 run ebtables -A check-bcp38 -j bcp38 -p ip6
 run ebtables -A FORWARD -j check-bcp38 -o bond0
 
-## There's a hideous bug in Linux' 3.2.51-1's ebtables: for some reason it
+## There's a hideous bug in Linux 3.2.51-1's ebtables: for some reason it
 ## misparses (at least) locally originated multicast packets, and tries to
 ## extract IP header fields relative to the start of the Ethernet frame.  The
 ## result is obviously a hideous mess.  Don't try to do BCP38 checking for